Package utils :: Module process_stalker :: Class process_stalker

Class process_stalker


This class was created to provide portable and reusable Process Stalker functionality. Currently it is only used by the pstalker PAIMEIconsole module.

To Do: This utility has really only been used in the pstalker PAIMEIconsole module; it needs to be tested to ensure that it can be utilized standalone.

Method Summary
  __init__(self, depth, filter_list, log, main, mysql, pida_modules, pydbg, tag_id, target_id, attach, load, args, heavy, ignore_first_chance, restore)
Initialize the process stalker object; not all arguments are required.
  export_mysql(self)
Export all the recorded hits to the database.
  handler_access_violation(self, pydbg)
Access violation handler: if the shit hits the fan, we want to know about it.
  handler_breakpoint(self, pydbg)
The breakpoint handler is of course responsible for logging the code coverage.
  handler_load_dll(self, pydbg)
Generate debug messages on DLL loads and keep track of the last loaded DLL.
  handler_user_callback(self, pydbg)
This is my elegant solution to avoid having to run the stalk routine in its own thread.
  log(x)
  set_bps(self, module, last_dll)
Set breakpoints in the specified module.
  stalk(self)
This is the main routine of the process stalker utility class.

Class Variable Summary
NoneType args = None
int attach = 0
int BASIC_BLOCKS = 1
code_coverage cc = <utils.code_coverage.code_coverage instance at 0x01...
NoneType depth = None
bool detach = False
list filter_list = []
dict filtered = {}
int FUNCTIONS = 0
bool heavy = False
bool ignore_first_chance = True
NoneType load = None
NoneType main = None
NoneType mysql = None
NoneType pida_modules = None
NoneType pydbg = None
bool restore = False
NoneType tag_id = None
NoneType target_id = None

Method Details

__init__(self, depth, filter_list, log, main, mysql, pida_modules, pydbg, tag_id, target_id, attach=0, load=None, args=None, heavy=False, ignore_first_chance=True, restore=False)
(Constructor)

Initialize the process stalker object; not all arguments are required.
Parameters:
depth - 0 for function level stalking, 1 for basic block level stalking
           (type=Integer (self.FUNCTIONS=0 or self.BASIC_BLOCKS=1))
filter_list - List of (target id, tag id) tuples to filter from stalking
           (type=List)
log - Pointer to log routine that takes a single parameter, the log message
           (type=Function Pointer)
main - Name of the main module
           (type=String)
mysql - Connection to MySQL server
           (type=MySQLdb Connection)
pida_modules - Dictionary of loaded PIDA modules, keyed by module name
           (type=Dictionary)
pydbg - PyDbg debugger instance
           (type=PyDbg)
tag_id - ID of tag we are storing hits in
           (type=Integer)
target_id - ID of target that contains the tag we are storing hits in
           (type=Integer)
attach - (Optional, def=0) Process ID of target to attach to
           (type=Integer)
load - (Optional, def=None) Command line of the executable to run when loading the target
           (type=String)
args - (Optional, def=None) Optional command line arguments to use when loading target
           (type=String)
heavy - (Optional, def=False) Controls whether or not context data is recorded
           (type=Boolean)
ignore_first_chance - (Optional, def=True) Controls reporting of first chance exceptions
           (type=Boolean)
restore - (Optional, def=False) Controls whether or not to restore hit breakpoints
           (type=Boolean)

export_mysql(self)

Export all the recorded hits to the database.

handler_access_violation(self, pydbg)

Access violation handler: if the shit hits the fan, we want to know about it.

handler_breakpoint(self, pydbg)

The breakpoint handler is of course responsible for logging the code coverage.

handler_load_dll(self, pydbg)

Generate debug messages on DLL loads and keep track of the last loaded DLL.

handler_user_callback(self, pydbg)

This is my elegant solution to avoid having to run the stalk routine in its own thread.

set_bps(self, module, last_dll=None)

Set breakpoints in the specified module.
Parameters:
module - Name of module (exe or dll) to set breakpoints in
           (type=String)
last_dll - (Optional, def=None) System DLL instance, required for setting breakpoints in a DLL.
           (type=PyDbg System DLL Object)

stalk(self)

This is the main routine of the process stalker utility class. Once all the required member variables are set, you call this routine to get the ball rolling and start stalking.

To Do: Add sanity checking to ensure all required member variables are set.


Class Variable Details

args

Type:
NoneType
Value:
None

attach

Type:
int
Value:
0

BASIC_BLOCKS

Type:
int
Value:
1

cc

Type:
code_coverage
Value:
<utils.code_coverage.code_coverage instance at 0x01994120>

depth

Type:
NoneType
Value:
None

detach

Type:
bool
Value:
False

filter_list

Type:
list
Value:
[]

filtered

Type:
dict
Value:
{}

FUNCTIONS

Type:
int
Value:
0

heavy

Type:
bool
Value:
False

ignore_first_chance

Type:
bool
Value:
True

load

Type:
NoneType
Value:
None

main

Type:
NoneType
Value:
None

mysql

Type:
NoneType
Value:
None

pida_modules

Type:
NoneType
Value:
None

pydbg

Type:
NoneType
Value:
None

restore

Type:
bool
Value:
False

tag_id

Type:
NoneType
Value:
None

target_id

Type:
NoneType
Value:
None

Generated by Epydoc 2.1 on Fri Jun 16 17:16:26 2006 http://epydoc.sf.net